Executive Summary
Summary | |
---|---|
Title | Microsoft Security Advisory 3152550 |
Informations | |||
---|---|---|---|
Name | KB3152550 | First vendor Publication | 2016-04-12 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft Security Advisory 3152550Update to Improve Wireless Mouse Input FilteringPublished: April 12, 2016 Version: 1.0
|
References | Identification |
Microsoft Knowledge Base Article | 3152550 |
Affected Software
This update in this advisory applies to the following operating systems:
Windows 7 |
Windows 7 for 32-bit Systems Service Pack 1 |
Windows 7 for x64-based Systems Service Pack 1 |
Windows 8.1 |
Windows 8.1 for 32-bit Systems |
Windows 8.1 for x64-based Systems |
Windows 10 |
Windows 10 for 32-bit Systems[1] |
Windows 10 for x64-based Systems[1] |
Windows 10 Version 1511 for 32-bit Systems[1] |
Windows 10 Version 1511 for x64-based Systems[1] |
[1] Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog
Affected Devices
For this advisory, the following Microsoft wireless devices are affected:
Sculpt Ergonomic mouse |
Sculpt Mobile Mouse |
Wireless Mobile Mouse 3000 v2.0 |
Wireless Mobile Mouse 3500 |
Wireless Mobile Mouse 4000 |
Wireless Mouse 1000 |
Wireless Mouse 2000 |
Wireless Mouse 5000 |
Arc Touch Mouse |
Advisory FAQ
What is the scope of the advisory?
The purpose of this advisory is to notify customers that an update is available to improve input filtering for affected Microsoft wireless mouse devices. The update enhances security by filtering out QWERTY key frames in communications issued from receiving USB wireless dongles to affected wireless mouse devices.
What causes the issue?
A vulnerability has been discovered that allows keyboard HID packets to be injected into Microsoft wireless mouse devices through USB dongles. USB dongles will accept keyboard HID packets transmitted to the RF addresses of affected wireless mouse devices.
What might an attacker use the vulnerability to do?
An attacker could use the vulnerability to inject arbitrary keyboard HID packets (for example, to simulate keystrokes) into a USB dongle.
How could an attacker exploit the vulnerability?
To exploit the vulnerability, an attacker could inject malicious commands into a victims computer through an attached USB dongle. The attack would require physical proximity to be in wireless range of the target computer. Note, however, that an attacker would not be able to sniff or recover plain text information, such as passwords, from encrypted sessions.
What does the update do?
The update improves input filtering for affected Microsoft wireless mouse devices. The update enhances security by filtering out QWERTY key packets in communications issued from receiving USB wireless dongles to affected wireless mouse devices.
Note The update does not support Windows Server. Also, the update supports only standalone wireless mouse devices, not wireless mouse devices that belong to Microsoft desktop products.
Suggested Actions
- Apply the update for supported releases of Microsoft Windows
The optional update is available through Windows Update. If automatic updating is enabled, customers can install the update automatically. For more information about how to turn on automatic updating, please see Windows Update. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
In some circumstances, customers who have enabled automatic updating may need to install this update manually, and can obtain the update from Microsoft Update Catalog. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 3152550.
Additional Suggested Actions
- Protect your PC
We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
- Keep Microsoft Software Updated
Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
Other Information
Microsoft Active Protections Program (MAPP)
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
Feedback
- You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.
Support
- Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
- Microsoft TechNet Security provides additional information about security in Microsoft products.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Revisions
- V1.0 (April 12, 2016): Advisory published.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/3152550.mspx |
Alert History
Date | Informations |
---|---|
2016-04-14 13:26:54 |
|
2016-04-12 21:23:29 |
|